Privacy & Encryption
When it comes to banking, security is a primary concern. We protect the privacy and the confidentiality of communications between you and our servers. We maintain isolation of our computers from the Internet.The privacy of the communications between you and our servers is ensured using encryption. Encryption scrambles messages exchanged between your browser and our online banking server.
How Encryption Works
When you go to log in to Online Banking, your browser establishes a secure session with our server. The secure session is established using a protocol called “Secure Sockets Layer” (SSL) encryption. This protocol requires the exchange of what are called public and private keys. Keys are random numbers chosen for that session and are only known between your browser and our server. After the keys are exchanged, your browser uses the numbers to scramble (encrypt) the messages sent between your browser and our server. Both sides require the keys because they need to descramble the messages when they‘re received. The SSL protocol not only ensures privacy, but also ensures that no other website can “impersonate” the login nor alter the information sent.
TIP: You can tell whether your browser is in “secure mode” by looking for the secured-lock symbol in your browser window.
What’s 128-bit Encryption?
The numbers used as encryption keys are similar to a combination lock. The strength of encryption is based on the number of possible combinations that a lock can have. As the number of possible combinations grows, it becomes less likely that anyone would be able to guess the combination in order to decrypt the message. Today’s browsers offer 40-bit encryption or 128-bit encryption. Although both result in a large number of possible combinations (240 and 2128 respectively), for your protection, our servers require the browser to connect at 128-bit encryption. Users are unable to access Online Banking at lesser encryption levels.
NOTE: Some users may need to upgrade their browser to the stronger encryption level.
40-bit vs. 128-bit Encryption
Imagine that you have 40 light bulbs, and each bulb can be set to on or off. Now, imagine all the different combinations of on & off. That’s 1.0995 x 1012 — or 1,099,500,000,000 possibilities. Then, imagine 128 bulbs and their combinations… that’s 340,282,366,920,938,000,000,000,000,000,000,000,000 possibilities!
Our Network Security
We provide various security features in Online Banking. For example, the system “times out” after a period of inactivity. However, we recommend you always log out when you’re done with Online Banking. It’s important to note the computers that store your account information aren’t hooked up to the Internet. The transactions you initiate online are received by our Online Banking web servers. These servers route transactions through firewall servers (which act as traffic cops between segments of the Online Banking network and the Internet). This isolates the publicly accessible web servers from data stored on our servers and ensures that only authorized requests are processed. Various control mechanisms (including intrusion detection and anti-virus) monitor and protect our systems from potential malicious activity. Additionally, our servers are fault-tolerant, and provide uninterruptible access.
A cookie is a text file that a web server stores temporarily with a browser. Once the cookie’s stored, a site’s web server can later retrieve that information for that browser. For example, you’ve probably added items to a “cart” while to shopping online. Your browser is able to store those added items so you can pay for everything at once. It’s efficient for a browser to track information like this, compared to having a web server remember who bought what — especially if there are thousands of people using the server.
When browsing the web, cookies that are sent to a browser are stored in the computer’s memory. When the browser is closed, any cookies (that haven’t expired) are written to a “cookie file” so they can be reloaded next time the browser is used.
Online Banking uses a different kind of cookie: this type of cookie is known as a “pre-expired” cookie (also known as a “session” or “non-persistent” cookie). These cookies are temporary and aren’t stored to the user’s computer memory. These cookies are part of the stringent-security measures in the Online Banking system. As a user navigates Online Banking, a pre-expired cookie is set each time a page is viewed. Pages within Online Banking aren’t “cached,” and so they must always be re-retrieved from the server. Pre-expired cookies keep the session alive until a user logs out (or times-out) of Online Banking. Once this occurs, the user must log in again.